Adobe drops IE6 Flash support

And fires massive attack on Flash zero days.

Usually it’s people like Steve Jobs knifing Adobe's Flash Player, but this time Adobe is on the other side, killing support for Microsoft’s aging desktop browser Internet Explorer 6.

Almost no one will be affected by Adobe’s decision to ditch Flash Player support for IE6. Just 7 percent of the world use IE6, and they’re mostly from China, except one key group in the West: enterprise desktop users running Windows XP machines.

The version of Flash Player that Adobe will no longer support is legacy too.

“Since Flash Player 11 was first released in September 2011, we have continued to maintain Flash Player 10.3 with security updates for users who cannot update to the current version of Flash Player,” senior Adobe security engineer Peleus Uhley said.

"In support of Microsoft's initiative to get the world to drop Internet Explorer 6 and upgrade to a newer version of Internet Explorer for a safer browsing experience, Adobe will be dropping support for Internet Explorer 6 starting with today's release of Flash Player 10.3."

Uhley said, however, that Adobe "will not block the installation of newer versions of Flash Player 10.3 on systems running Internet Explorer 6".

Adobe tackles Flash zero days with stealth updates

Threats against Windows XP and above should also decline with Adobe’s introduction of updates by stealth, which Uhley compared to the way Google updates Chrome.

“The new background updater will provide a better experience for our customers, and it will allow us to more rapidly respond to zero-day attacks. This model for updating users is similar to the Google Chrome update experience, and Google has had great success with this approach,” he said.

It will be an important security move for Adobe, which acknowledges that nearly every piece of malware installs through an exploit kit that targets widely-used but outdated software.

That makes Adobe’s Flash Player a popular target to breach mostly Windows-based systems, but also socially engineer attacks against Mac OS X users.

“Attackers have been taking advantage of users trying to manually search for Flash Player updates by buying ads on search engines pretending to be legitimate Flash Player download sites.”

Adobe released its latest Flash update on Wednesday, version 11.2, recommending consumers check the “install updates automatically when available” field, which should stop people aimlessly wandering the web for the latest Flash update only to install malware.

Enterprise, which need more controlled updated processes, will be given an option to disable silent Flash updates.

“Organisations with managed environments do have the capability to disable the background updater feature through the Flash Player mms.cfg file,” Uhley said.

Take part in discussions with comments on blogs, news and reviews; receive all the latest industry news directly to your inbox and tailor make your information specifically to your interests. Join now for free.

Please check your email

A confirmation email has been sent to your email address - SUPPLIED GOES EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.

If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @itnews.com.au to your white-listed senders.